A discussion of documentation requirements for ISO 9001 and why its sometimes bad reputation is undeserved.
The International Organization for Standardization (ISO) has developed internationally recognized standards that specify the requirements of an effective management system. The ISO 9000 family of standards deals with the requirements for a quality management system. The required elements that organizations seeking certification must fulfill are found in ISO 9001:2008,
the latest revision. ISO 9004 provides guidance for organizations whose management wants to ensure sustained success in a constantly changing environment. It is not intended for use in certification. ISO 9000 deals with the fundamentals and vocabulary upon which 9001 and 9004 are based.
The major sections of ISO 9001:2008 relate to documentation requirements, management responsibility, resource management, product realization, and a final section on measurement, analysis, and improvement. A quality policy is also required and employees are expected to be familiar with it. In fact, as part of their interviews with employees, auditors will ask them if they are familiar with the company's policy. An annual management review and internal audit are also important parts of a quality management system.
The standard has a bad reputation regarding the amount of documentation that is required. Many people feel that ISO certification results only in excessive bureaucracy with little value added in return. This view is further advanced in the minds of employees whose companies have sought registration primarily because of pressure from customers.
Section 4.2 of the standard relates to documentation requirements. The general requirements include:
a) documented quality objectives and a quality policy
b) a quality manual
c) documented procedures and records
d) documents and records necessary to ensure effective process control.
Sections 4.2.2 through 4.2.4 provide more detailed information regarding the requirements for the quality manual, control of documents, and control of records.
Other than the few specific documents required by the standard, it is largely up to the organization to determine what it needs. Document requirements can be summarized in the familiar saying "do what you say and say what you do".
The standard has a bad reputation regarding the amount of documentation that is required. Many people feel that ISO certification results only in excessive bureaucracy with little value added in return. This view is further advanced in the minds of employees whose companies have sought registration primarily because of pressure from customers.
The answer to the question of whether ISO certification creates a documentation nightmare lies in an organization's approach to it. If documents are maintained solely for the purpose of doing well on an audit, the exercise likely will be burdensome and of little worth. Additionally, the responsibility of maintaining the system will fall on the shoulders of one or two people with little ownership on the part of everyone else. An ineffective document control system will eventually manifest itself in the form of bad product and dissatisfied customers. On the other hand, if certification is viewed as an avenue to continuous improvement, as it was intended, it will become the framework upon which sound quality practices are built. Consistency in process management will continue even as people move from position to position within the organization.
The 2000 edition of ISO 9001 defines "product" as that which is intended for or required by a customer. The 2008 revision adds "any intended output resulting from the product realization processes" to that definition. It also adds a reference to "producing the desired outcome" in its discussion of the process approach.